Internet criminals: so reliably dumb at hiding their tracks

Shouldn't catching a sextortionist be a little bit harder than this?

It's a good thing for the rest of us that so few criminals are truly "masterminds"—and thus end up so easy to find. Case in point: the FBI's arrest, announced today, of an alleged sextortionist named Karen "Gary" Kazaryan in California.

First, let's be clear on the charges. According to the FBI, the 27-year-old spent huge amounts of time breaking into e-mail and social networking accounts—usually Facebook—and then scouring them for sexually provocative photos. If found, the photos were then used to approach the account holders and blackmail them into making further displays, usually over Skype, to the watching hacker. If they didn't comply, the original photos might be posted to their Facebook page.

Here, for instance, is how FBI Special Agent Tanith Rogers describes a November 20, 2010 encounter between the hacker, who had obtained a topless photo of a woman in a hot tub from one victim's Facebook account, and two sisters:

The unknown persons then demanded that [victim 1] and [her sister, victim 2, who was actually in the picture] take their tops off and show their breasts on the Skype camera or he would post the photos on their Facebook walls for all of their friends to see. The unknown person told [the sisters] they had 10 seconds to do this. The girls attempted to stall the unknown person.

In retaliation for not complying within 10 seconds, the unknown person, without authorization, logged into [a friend of both girls'] Facebook account and added the [topless] photo of [victim 2] to [the friend's] Facebook wall. The unknown person then instant messaged [the victim] on Skype and sent the link to Facebook with the compromising photo attached. The link was [sic] the photos he had just put on their Facebook walls since they did not comply to his demands.

[The victims] were scared and felt threatened by the unknown subject. They were crying and both then showed their breasts to the unknown person on Skype. The unknown person said they did not show them for a long enough period of time and demanded that they do it again. The girls again complied to his demand and he took the link to the photos off of their Facebook pages. The victims immediately logged off of Skype.

[Victim 1] stated she is emotionally distraught and stated that [victim 2] said she felt as if she was raped. According to [victim 1], both victims closed down their Facebook and e-mail accounts. They are scared to use the computer and scared to be home alone.

In the end, the government claims that Kazaryan's computer held 3,000 photos of nude or semi-nude women, some seized from their own e-mail and Facebook accounts, some snapped from Skype chats like the one described above. More than 350 women may have been targeted.

So how did the FBI find Kazaryan? Well—pretty easily. They simply asked Facebook. By December 27, 2010, Facebook's internal security team had wrapped up an investigation in which it simply pulled the IP addresses for everyone who had accessed the various victim accounts over the last two months, then correlated them. One IP address was common to each: 71.83.210.142.

So Facebook's team then did a different search, looking for every account that had been logged into from 71.83.210.142. This produced a new list of 176 different accounts, and here was the remarkable thing: a huge number of these accounts had recently been disabled due to hacking or had filed tickets with Facebook complaining about being hacked.

So 71.83.210.142 was likely to be the hacker, but who was he? Facebook wouldn't know for sure without the cooperation of Internet service providers, but it had a pretty good guess. That's because the single most commonly accessed account from 71.83.210.142—and by a huge margin—was for one Karen Kazaryan. The account had been accessed nearly every day and, just as crucially, Kazaryan had never reported his own account having been hacked.
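The three-step correlation described above (intersect the source IPs of the known victim accounts, pivot from the shared IP to every account it touched, then rank those accounts by usage) looks like this as an added sketch. It is not Facebook's tooling or code from the article; the login records are constructed, the IPs come from documentation-only ranges, and all function and account names are hypothetical.

```python
from collections import Counter, defaultdict

# Constructed login records (account, source_ip, day_of_window); not real data.
# 198.51.100.0/24 and 203.0.113.0/24 are documentation-only address ranges.
LOGINS = (
    [("victim_a", "198.51.100.10", d) for d in range(1, 6)]
    + [("victim_b", "198.51.100.10", d) for d in range(1, 6)]  # same household
    + [("victim_c", "198.51.100.20", d) for d in range(1, 6)]
    + [("victim_d", "198.51.100.30", d) for d in range(1, 4)]
    + [("victim_a", "203.0.113.7", 3), ("victim_b", "203.0.113.7", 3),
       ("victim_c", "203.0.113.7", 4), ("victim_d", "203.0.113.7", 5)]
    + [("user_x", "203.0.113.7", d) for d in range(1, 8)]
)
# Accounts with a compromise ticket or a hacking-related disable on file.
REPORTED = {"victim_a", "victim_b", "victim_c", "victim_d"}


def common_ips(logins, victims):
    """Step 1: source IPs that accessed every one of the victim accounts."""
    per_account = defaultdict(set)
    for account, ip, _day in logins:
        if account in victims:
            per_account[account].add(ip)
    if not victims or set(per_account) != set(victims):
        return set()  # a victim with no logins in the window: nothing in common
    return set.intersection(*per_account.values())


def accounts_from_ip(logins, ip):
    """Step 2: every account seen from ip, with its count of distinct login days."""
    days = defaultdict(set)
    for account, src, day in logins:
        if src == ip:
            days[account].add(day)
    return Counter({account: len(d) for account, d in days.items()})


def triage(logins, victims, reported):
    """Step 3: per shared IP, list reported accounts and the heaviest unreported user."""
    findings = []
    for ip in sorted(common_ips(logins, victims)):
        usage = accounts_from_ip(logins, ip)
        flagged = sorted(a for a in usage if a in reported)
        unreported = [(a, n) for a, n in usage.most_common() if a not in reported]
        findings.append({
            "ip": ip,
            "accounts_seen": len(usage),
            "reported_compromised": flagged,
            # Reported accounts the pivot surfaced beyond the starting victim set.
            "new_leads": sorted(set(flagged) - set(victims)),
            # Most-used account from this IP that never reported a compromise.
            "likely_resident": unreported[0] if unreported else None,
        })
    return findings


if __name__ == "__main__":
    for finding in triage(LOGINS, {"victim_a", "victim_b", "victim_c"}, REPORTED):
        print(finding)
```
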

So the next day, the FBI ran Kazaryan's name through various databases and quickly found that he lived in a Glendale, California apartment and had "an arrest and pending trial for a rape charge in 2008."

It took another week for Charter Communications to confirm that the 71.83.210.142 address was registered to the Glendale apartment owned by Kazaryan. On January 18, 2011, a federal magistrate judge agreed to a search warrant of Kazaryan's property, though it took one more year before the evidence was all gathered and an arrest was finally made.

No, seriously, the Internet isn't “private”

I've covered a lot of computer crime, and the one thing that never ceases to amaze me is how few precautions most criminals take. Even in these sorts of extreme cases where the amount of time spent harassing young women must have amounted to a full-time job, the alleged perpetrators rarely bother to do anything as simple as hide behind a proxy, much less take further measures. That's not a universal rule, of course, especially when it comes to true professionals operating commercial fraud rings, but this idea that operating on the Internet isn't actually all that anonymous has yet to sink in with at least some significant percentage of the online criminal class.

Many of these schemes, especially those in which the perpetrator isn't in it for the money but for some sort of deviant sexual motive, seem premised on the belief that no one with subpoena power will ever come looking for them. The "hackers" appear to conflate the difficulty that their victims have in locating them with being truly hidden; in reality, most are leaving digital trails all over the Internet. Most end up identified with nothing more complicated than an IP address lookup.

Of course, the truly brilliant criminals may simply not get caught at all, and therefore we see only the stupid ones. But let's hope not, because most Internet users aren't particularly savvy, either. In every "sextortion" case I've seen, the victims also believe in the privacy of their online communications. They store compromising photos on Facebook, they e-mail them to other people, they post inadvisable images on sexually oriented dating sites—all in the belief that these things will not be leaked, hacked, or tied back to them. And yet it happens over and over. (Encryption? Fuggedaboutit.)

While using a smartphone or computer from the comfort of one's bedroom feels private and anonymous, it simply isn't once you connect to the 'Net. Both perps and victims would do well to remember it.

I don't see any evidence for intelligence having much to do with high ethic standards. As a matter of fact intelligent people probably spend much more time searching for interesting pastimes and crime seems like an actually quite interesting one at that.

That said the second to last paragraph says it all: Catching clever criminals on the internet is pretty hard and generally can't just be solved nationally, so for rather "minor" crimes (by economic standards, say running a large botnet, widespread credit fraud, etc.) that's likely a problem.

Also helps with legitimate problems: prevents from spoofing your browsing session in coffee shops with free wireless; if you don't have static IP, sometimes you get an IP which is banned because neighbour kid is a twat; video only available in UK? select a vpn server from UK etc

I don't see any evidence for intelligence having much to do with high ethic standards. As a matter of fact intelligent people probably spend much more time searching for interesting pastimes and crime seems like an actually quite interesting one at that.

That said the second to last paragraph says it all: Catching clever criminals on the internet is pretty hard and generally can't just be solved nationally, so for rather "minor" crimes (by economic standards, say running a large botnet, widespread credit fraud, etc.) that's likely a problem.

I think Voo42 possibly meant that if they were smart, they would never have been caught and therefore not legally registered as a criminal.

Either that or he is implying smart people aren't criminals, which is demonstrably false.

1. Misinterpret sextortionist as a sexy contortionist.
2. Read: "the FBI's arrest, announced today, of an alleged sextortionist named..." and become sad.
3. Finally wise-up and get the meaning.
4. Continue reading...

Regarding the internet criminals being stupid, I think the following portion of the article is the most relevant:

Quote:

Of course, the truly brilliant criminals may simply not get caught at all, and therefore we see only the stupid ones.

So, the next day, the FBI ran Kazaryan's name through various databases and quickly found that he lived in a Glendale, California apartment and had "an arrest and pending trial for a rape charge in 2008."

...On January 18, 2011, a federal magistrate judge agreed to a search warrant of Kazaryan's property, though it took one more year before the evidence was all gathered and an arrest was finally made.

Does anyone else think the real story here is that a guy was accused of rape in 2008 and still hadn't been put on trial by 2011? How slow can our legal system be?

1. Misinterpret sextortionist as a sexy contortionist.
2. Read: "the FBI's arrest, announced today, of an alleged sextortionist named..." and become sad.
3. Finally wise-up and get the meaning.
4. Continue reading...

So, the next day, the FBI ran Kazaryan's name through various databases and quickly found that he lived in a Glendale, California apartment and had "an arrest and pending trial for a rape charge in 2008."

...On January 18, 2011, a federal magistrate judge agreed to a search warrant of Kazaryan's property, though it took one more year before the evidence was all gathered and an arrest was finally made.

Does anyone else think the real story here is that a guy was accused of rape in 2008 and still hadn't been put on trial by 2011? How slow can our legal system be?

Well, dumb criminals are the ones that are caught. The smart criminals don't get caught or aren't even known. Therefore, most criminals that are caught are of the dumb type. So that does not imply that all internet criminals are reliably dumb. Or something like that.

1. Misinterpret sextortionist as a sexy contortionist.
2. Read: "the FBI's arrest, announced today, of an alleged sextortionist named..." and become sad.
3. Finally wise-up and get the meaning.
4. Continue reading...

Sexy contortionists should all be rounded up and imprisoned for giving women unreasonable expectations of what a man is capable of!

1. Misinterpret sextortionist as a sexy contortionist.
2. Read: "the FBI's arrest, announced today, of an alleged sextortionist named..." and become sad.
3. Finally wise-up and get the meaning.
4. Continue reading...

You, sir, just vastly improved my work day. Or night. Or whatever.

Glad to hear it!

On topic, I'll also add that thanks to the relatively low barrier of entry into what I'll term pseudo-hacking, lower IQ criminals are attracted to the field. Let's face it, laptop + Google + coffee shop = hacker these days. Script-kiddies are probably calling some of these people posers lol.

Edit:

UltimateLemon wrote:

Sexy contortionists should all be rounded up and imprisoned for giving women unreasonable expectations of what a man is capable of!

I didn't see ol' "Gary" until after I read that, so sextortionist == female (in my head at least) lol

So Facebook's team then did a different search, looking for every account that had been logged into from 71.83.210.142. This produced a new list of 176 different accounts, and here was the remarkable thing: a huge number of these accounts had recently been disabled due to hacking or had filed tickets with Facebook complaining about being hacked.

Ugh, so if this IP is associated with "a huge number" of hacks, why wasn't it blocked? Presumably if some guy is breaking into a ton of women's accounts, facebook has some interest in doing something about that? Maybe lock accounts when that IP resets the password?

Seems like putting nude/racy photos of one's self on the internet might be a bad idea in the first place. Sadly, it just takes one random nut or angry friend/ex to make your life hell. I'm leery of sharing rated-G photos on private links, what with all the pervs out there.

Ugh. I kept having the nagging suspicion that name sounded familiar, and when it said he lived in Glendale, and he was 27, it suddenly changed the prospect from "name collision some point in life" to "oh gods I probably knew the bastard".

He might not have been very smart in covering his tracks, but if he got away with that many hacks and extortions before getting caught, he might not have to be. He put little effort at all at hiding and got away with hundreds of victims, which is actually quite scary.

Ugh, so if this IP is associated with "a huge number" of hacks, why wasn't it blocked? Presumably if some guy is breaking into a ton of women's accounts, facebook has some interest in doing something about that? Maybe lock accounts when that IP resets the password?

Don't want to spend any precious data-mining cpu time on security... No profit in that, and it might lower that user count.

No, if they were smart, they'd be scamming people for money and using that to hire hookers to fulfill their sexual deviancies instead. If they get caught, white collar time for white collar crime instead of being outed as a registered sex offender after release from a rough stint in prison.

So Facebook's team then did a different search, looking for every account that had been logged into from 71.83.210.142. This produced a new list of 176 different accounts, and here was the remarkable thing: a huge number of these accounts had recently been disabled due to hacking or had filed tickets with Facebook complaining about being hacked.

Ugh, so if this IP is associated with "a huge number" of hacks, why wasn't it blocked? Presumably if some guy is breaking into a ton of women's accounts, facebook has some interest in doing something about that? Maybe lock accounts when that IP resets the password?

Or I guess just not care?

IP isn't the first thing you think of. they probably get tons of complaints about "hacking" from ppl who are stupid enough to share their pwds. they only found the commonality when they started to LOOK by IP... 176 hacking complaints vs a billion users.. that's not even a blip... they probably get hundreds of complaints a DAY.

and why would the bad guy change passwords - an unauthorized password change is the first hint of a problem. you want to stalk someone.. it's best to do it without attracting attention.

So Facebook's team then did a different search, looking for every account that had been logged into from 71.83.210.142. This produced a new list of 176 different accounts, and here was the remarkable thing: a huge number of these accounts had recently been disabled due to hacking or had filed tickets with Facebook complaining about being hacked.

Ugh, so if this IP is associated with "a huge number" of hacks, why wasn't it blocked? Presumably if some guy is breaking into a ton of women's accounts, facebook has some interest in doing something about that? Maybe lock accounts when that IP resets the password?

Or I guess just not care?

I will say I think FB might have a better method of correlating this data on their own but, to be fair, much of this sort of traffic can be "normal". How would they know it's not a coffee shop or something similar? There are apps which easily allow you to sniff the traffic in a network and log in as though you're that FB user, even when you're using FB with HTTPS. It's not particularly difficult to think this is probably common for anyone using a coffee shop WiFi. An argument may be made that the hacked accounts probably should have triggered an alert internally, I suppose.

I will say I think FB might have a better method of correlating this data on their own but, to be fair, much of this sort of traffic can be "normal". How would they know it's not a coffee shop or something similar?

What if it is? Does that change anything?

If a huge number of people with hacked accounts all used the same coffee shop, they should probably block that coffee shop as something nefarious is obviously going on.

Nilt wrote:

An argument may be made that the hacked accounts probably should have triggered an alert internally, I suppose.

No kidding. If they're bothering to log this information at all, seems like a no-brainer after a reported incident to see if the last X IP on an account were associated with any other hacks. If one of them is involved in huge number of attacks, maybe it's malicious???

No, if they were smart, they'd be scamming people for money and using that to hire hookers to fulfill their sexual deviancies instead. If they get caught, white collar time for white collar crime instead of being outed as a registered sex offender after release from a rough stint in prison.

It's considered a truism that rape is not about sex, but about violence and/or control. This guy appears to confirm that truism. In which case he wasn't going to get what he really wanted from hookers (unless he assaulted them).

No, if they were smart, they'd be scamming people for money and using that to hire hookers to fulfill their sexual deviancies instead. If they get caught, white collar time for white collar crime instead of being outed as a registered sex offender after release from a rough stint in prison.

It's considered a truism that rape is not about sex, but about violence and/or control. This guy appears to confirm that truism. In which case he wasn't going to get what he really wanted from hookers (unless he assaulted them).

So, the next day, the FBI ran Kazaryan's name through various databases and quickly found that he lived in a Glendale, California apartment and had "an arrest and pending trial for a rape charge in 2008."

...On January 18, 2011, a federal magistrate judge agreed to a search warrant of Kazaryan's property, though it took one more year before the evidence was all gathered and an arrest was finally made.

Does anyone else think the real story here is that a guy was accused of rape in 2008 and still hadn't been put on trial by 2011? How slow can our legal system be?

Just because he was accused at some point doesn't mean it was headed for a trial at all. The plaintiff could have recanted or the charges dropped because there was no evidence.

So, the next day, the FBI ran Kazaryan's name through various databases and quickly found that he lived in a Glendale, California apartment and had "an arrest and pending trial for a rape charge in 2008."

...On January 18, 2011, a federal magistrate judge agreed to a search warrant of Kazaryan's property, though it took one more year before the evidence was all gathered and an arrest was finally made.

Does anyone else think the real story here is that a guy was accused of rape in 2008 and still hadn't been put on trial by 2011? How slow can our legal system be?

A story here notes that the charges were from 2008, but the case was dismissed in 2011. So it could have been just a bit over 2 years (end of 2008 - beginning of 2011). Since the case was dismissed, it could have been that they were hoping to get more evidence against him or convince a witness to offer testimony, then had it dismissed when they realized that wasn't happening.

Quote:

What? They let this freak go on doing his thing for another year?

Well they searched his apartment in 2011. I'm guessing cops coming to your door and taking all your computer equipment, telling you that they're on to your little scheme is a bit of a deterrent to doing it again. It does seem like a freakishly long time for them to continue putting together a case, since he clearly wasn't covering his tracks. But my guess is that they wanted to get as many women identified as possible while they still had time under the statute of limitations, building a better case against him. I also guess that they continued to monitor him after that. And if he so much as sneezed at a woman online they'd haul him off to jail.

For all the government warnings and news stories about this thing happening, people continue to take nude photos of themselves.

It gets to the point they don't deserve protection from being exploited when they go beyond making mistakes to actual inducement of criminal behaviour. Bit like how insurance companies won't pay if the victim left their car unlocked 3 doors down from drug dealers..

That pisses me off; a man != all of men. Don't claim culpability for something you had nothing to do with.

blickety wrote:

On topic, I'll also add that thanks to the relatively low barrier of entry into what I'll term pseudo-hacking, lower IQ criminals are attracted to the field. Let's face it, laptop + Google + coffee shop = hacker these days. Script-kiddies are probably calling some of these people posers lol.

Precisely. I mean, if you can download, install and fumble through Firesheep then you're technically a hacker. It takes no skill or intelligence to do this sort of half-arsed hacking, so it's not exactly mind-boggling that these so-called hackers don't even think to take the most basic precautions.

Let's face it, this sleaze isn't exactly a 21st century Mitnick, is he?

For all the government warnings and news stories about this thing happening, people continue to take nude photos of themselves.

It gets to the point they don't deserve protection from being exploited when they go beyond making mistakes to actual inducement of criminal behaviour. Bit like how insurance companies won't pay if the victim left their car unlocked 3 doors down from drug dealers..

Yep. They shouldn't wear those short dresses or revealing clothes, either. They're obviously asking for rape.

Ugh, so if this IP is associated with "a huge number" of hacks, why wasn't it blocked? Presumably if some guy is breaking into a ton of women's accounts, facebook has some interest in doing something about that? Maybe lock accounts when that IP resets the password?

Don't want to spend any precious data-mining cpu time on security... No profit in that, and it might lower that user count.

Or more plausibly, "Hey, looks like we have a criminal account hacker here. We'd better pass this on to the FBI posthaste but otherwise leave things untouched so we don't give him a tipoff that results in him hammering his HDD flat before they can serve a search warrant."

I'm no big fan of Facebook (I'll never have an account there) but I'd like to hope they're not completely evil.

I don't see any evidence for intelligence having much to do with high ethic standards.

"January 20, 1942: The Wannsee Conference set a new course for how the Nazis would deal with the Jews. Wannsee is a suburb outside Berlin. It is where the "Final Solution" was decided, the Nazi plan for the complete elimination of the Jewish People.

The drafted document contained sixteen signatures from all the upper ministries of the German establishment. Of these sixteen signators, eight had PhD’s. By the way, Poland was divided up into six governments; all six of the German / Polish governors had PhD’s. Of the concentration camp officers, 43% of them had either MD’s or PhD’s. One of the Einsatz Gruppen commanders, Ohlendorf had a degree in law by age 21. He was a genius. Goebbels, the propaganda minister, had 3 PhD’s. He was a brilliant intellectual."

I don't see any evidence for intelligence having much to do with high ethic standards.

"January 20, 1942: The Wannsee Conference set a new course for how the Nazis would deal with the Jews. Wannsee is a suburb outside Berlin. It is where the "Final Solution" was decided, the Nazi plan for the complete elimination of the Jewish People.

The drafted document contained sixteen signatures from all the upper ministries of the German establishment. Of these sixteen signators, eight had PhD’s. By the way, Poland was divided up into six governments; all six of the German / Polish governors had PhD’s. Of the concentration camp officers, 43% of them had either MD’s or PhD’s. One of the Einsatz Gruppen commanders, Ohlendorf had a degree in law by age 21. He was a genius. Goebbels, the propaganda minister, had 3 PhD’s. He was a brilliant intellectual."

You may be misreading my post, but yes I know all of this, which is why I seriously doubt that intelligence has anything to do with ethical standards. Doesn't mean that intelligent people have a lower bar for ethics though, just that they for obvious reasons more often get promoted into higher positions.